714 matches found
Design/Logic Flaw
The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...
PT-2007-3710 · Getahead · Getahead Dwr
Name of the Vulnerable Software and Affected Versions: Getahead Direct Web Remoting (DWR) framework version 1.1.4 Description: The issue allows remote attackers to obtain data through a web page that retrieves the data using a URL in the SRC attribute of a SCRIPT element and captures the data using...
Microsoft Remoting Client Detection
Binary data 3886.prm...
TCP Channel Detection
The remote host is running a TCP-based .NET Remoting Channel Service, also known as a 'TCP channel'. .NET Remoting is an API developed by Microsoft and used for interprocess communications, and a channel service provides the mechanism by which such communications occur. Two channel services are...
Microsoft Remoting Client Detection (deprecated)
Binary data 3885.prm...
Design/Logic Flaw
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch...
Cross-site request forgery (CSRF)
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks...
CVE-2007-0185
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch...
CVE-2006-6916
CVE-2006-6916 affects Getahead Direct Web Remoting (DWR) prior to 1.1.3. The provided connected Red Hat entry corroborates that attackers can cause a denial of service (infinite loop) via crafted input. The exact root cause, vulnerable component(s) within DWR, affected versions beyond the stated ...
CVE-2007-0185
DWR (Getahead Direct Web Remoting) before version 1.1.4 is vulnerable to denial of service due to memory exhaustion triggered by a large number of batched calls; the specific vectors are not detailed in the provided documents. No remediation details are present here.
CVE-2007-0184
CVE-2007-0184 concerns Getahead Direct Web Remoting (DWR) prior to 1.1.4. A crafted request can bypass include/exclude checks and enable unauthorized access to public methods, indicating an authorization bypass vulnerability. The connected documents reference this CVE across multiple advisories ...
CVE-2006-4724
Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command...
PT-2025-33029
Name of the Vulnerable Software and Affected Versions: Hyland OnBase versions prior to 17.0.2.87 Description: Hyland OnBase is vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the...
PT-2025-50337
Name of the Vulnerable Software and Affected Versions: Barracuda Service Center versions prior to 2025.1.1 Description: Barracuda Service Center, part of the RMM solution, has a .NET Remoting service that does not adequately protect against the deserialization of arbitrary types. This can allow for...